
executable files in linux...

I know that a system with Windows (without strong anti-virus) would be easily pulled down by the viruses in the LAN, whereas in Linux it's not so.
I heard that in Windows the files are identified by their file extension like .exe, .com, etc. (and hence the viruses with .exe extensions run easily on a Windows system), whereas in Linux it is by the file type, and hence .exe or whatever executable file is there won't run without the permission of the superuser. Please explain.

File types in linux

In GNU/Linux systems the file type is determined by its data context (a file is recognized by its data: a script begins with "#!/bin/sh", an MP3 file with "ID3", an MPEG file with the 0xBA hex code... and so on). So the file extension becomes useless (because if I rename test.mp3 to test.exe or test.txt its data doesn't change; it always remains an MP3 file and is recognized as an MP3 file). (See the file command!)

Executable files are recognizable by their data, but they can be executed only if their execution permission bit is set (do you know about the permission bitmask?). If the executable bit is set, and if the file is an executable recognized by the running kernel, the application starts.

An executable runs with the permissions of the caller: so if you run an application as a user, the application has the permissions of that user. If the user is "root", the application can do anything root can do!

Then, certain executables can be run only with root permissions, because they may edit some configuration file or anything else. So the application can do its job only if it was started by the administrator (root).

If an application needs superuser privileges, but should be runnable by any user, the executable file has an extra permission bit: the SUID bit (Set User ID). When this bit is set, the permissions at run time don't depend on the application caller, but on the file owner (do you know about file owner/group?). So if an application has the SUID bit set and is owned by root, when any user runs the SUID executable, the application runs with root privileges.

That's because GNU/Linux systems are harder to break. To modify the system configuration (to introduce viruses, root kits, backdoors...) you should break services that run with root privileges, otherwise no one can modify the system. SUID applications are very rare, and often they are secure. However, even if an application runs with root privileges, often it is closed into a limited sub-system (called a root jail), which is a minimal system "running" on top of the system. If the application is broken, it is limited to the minimal system, so it cannot interact with the real running system.

Last edited by sarumont; 01-12-2006 at 01:47 AM.

When using Windows, have you ever told "Ehi... do your business?"
Linux user #396597 (http://counter.li.org)
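The checks described in the reply above (type from leading bytes, execute bit, SUID owner), sketched as an added example that is not part of the original posts. The function names, sample files and the caller uid 1000 are constructed for illustration, and the model leaves out mount options such as nosuid or noexec.

```python
import os
import stat
import tempfile

# Leading bytes -> content type; three signatures named in the post.
MAGIC = [(b"\x7fELF", "elf"), (b"#!", "script"), (b"ID3", "mp3")]

def content_type(path):
    """Classify a file by its first bytes, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for sig, kind in MAGIC:
        if head.startswith(sig):
            return kind
    return "data"

def exec_report(path, caller_uid):
    """Model the checks the post describes for running `path`."""
    st = os.stat(path)
    kind = content_type(path)
    x_bit = bool(st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    suid = bool(st.st_mode & stat.S_ISUID)
    # Linux honours SUID only for binaries, not for "#!" scripts.
    runs_as = st.st_uid if (suid and kind == "elf") else caller_uid
    return {"kind": kind, "x_bit": x_bit, "suid": suid,
            "loadable": x_bit and kind in ("elf", "script"),
            "runs_as": runs_as}

def demo():
    """Build constructed sample files and report on each."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "song.exe": (b"ID3\x03\x00", 0o755),            # MP3 data renamed .exe
            "notes.txt": (b"#!/bin/sh\necho hi\n", 0o644),  # script without x bit
            "tool": (b"\x7fELF\x02\x01\x01", 0o4755),       # SUID ELF header stub
        }
        for name, (data, mode) in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            os.chmod(p, mode)
            out[name] = exec_report(p, caller_uid=1000)  # constructed caller uid
    return out

if __name__ == "__main__":
    for name, rep in demo().items():
        print(name, rep)
```

The same report run over a real directory gives a quick audit of files whose name disagrees with their content and of SUID binaries and their owners.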